ad.linker??

[reojem]

ciao scusate se magari chiedo cose che sono già state chieste in precedenza.. purtoppo sono incasinato.. e non capisco più che fare.. mi viene rilevato un ad.linker.. è possibile?? ogni tanto mi parte una finestra con un download da eseguire che non ho mai accettato.. vi posto il mio log...

ringrazio vivamente tutti

Logfile of HijackThis v1.99.1
Scan saved at 19.59.08, on 17/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\explorer.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\spoolw.exe
C:\WINDOWS\System32\igfxsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\spoolw.exe
C:\WINDOWS\System32\igfxsvc.exe
C:\Programmi\TRUST\Software Bluetooth\BTTray.exe
C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\lsasss .exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication .exe
C:\Programmi\PowerISO\PWRISOVM .EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\961656.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\roberto\Impostazioni locali\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\mllmj.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A1580 6F97BDE4417E70CE7C0726B954E1C2832211379926033AAC01 F09DDF7618419154310B87659CA5E04E5067DF690232BC13E3 C283211730856D1E27
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam1.vilhelmina.se/activex/AxisCamControl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://148.61.37.229/activex/AMC.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

[reojem]

scusate.. posto HijackThis v. 2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.34.05, on 17/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\explorer.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\spoolw.exe
C:\WINDOWS\System32\igfxsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\spoolw.exe
C:\WINDOWS\System32\igfxsvc.exe
C:\Programmi\TRUST\Software Bluetooth\BTTray.exe
C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\lsasss .exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication .exe
C:\Programmi\PowerISO\PWRISOVM .EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\roberto\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\mllmj.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A1580 6F97BDE4417E70CE7C0726B954E1C2832211379926033AAC01 F09DDF7618419154310B87659CA5E04E5067DF690232BC13E3 C283211730856D1E27
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\service32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam1.vilhelmina.se/activex/AxisCamControl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://148.61.37.229/activex/AMC.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6179 bytes

[reojem]

vi prego aiutatemi... altrimenti spacco tutto... la cosa è peggiorata... mi si aprono in continuazione finestre di internet explorer... e da pochi minuti il mio antivirus continua a segnalarmi un Trojan.Vundo che si chiama rqropon.dll

HELLLPPP

[tecnico24]

Ciao,Disabilita il ripristino configurazione di sistema
Avvia hijackthis,spunta a sinistra su queste voci e sotto fix checked:

Quote:

O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\service32.exe

O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\System32\igfxsvc.exe

O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\System32\spoolw.exe

O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A1580 6F97BDE4417E70CE7C0726B954E1C2832211379926033AAC01 F09DDF7618419154310B87659CA5E04E5067DF690232BC13E3 C283211730856D1E27

F3 - REG:win.ini: load=C:\WINDOWS\System32\mllmj.exe

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

Poi scaricati Avenger
-Estrai ed avvia avenger.exe
-Seleziona Input script manually e poi sulla lente di ingrandimento.
-Nello spazio vuoto inserisci queste righe con copia incolla:

Quote:

Files to delete:
C:\WINDOWS\service32.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\lsasss.exe
C:\WINDOWS\System32\igfxsvc.exe
C:\WINDOWS\System32\spoolw.exe

-Clicca su done.
-Clicca sul semaforo verde.
-Acconsenti due volte Si,riavvia il pc,al ritorno posta il log di avenger(c:\avenger.txt).


Infine ti consiglio un aggiornamento con windowsupdate è stai a posto.